CxF component is throwing errors when we use WSDL file with WS Policy

One Star

CxF component is throwing errors when we use WSDL file with WS Policy

Cannot use cCXF Component as proxy to a secure web service,
1. I have exposed a simple SOAP web service which uses WS*Security. Security options (addressing and usertoken) are part of the WSDL Policy description.
2. A route, with cCxf component which I am using to read the http headers on the request and add them to the body before invoking secure service.
Tried the following options

1. Option 1 : With security enabled on WebSerivces- (WSDL Policy), and no security on Route
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<soap:Fault>
<faultcode>soap:Client</faultcode>
<faultstring>General security error (WSSecurityEngine: No password callback supplied)</faultstring>
</soap:Fault>
</soap:Body>
</soap:Envelope>

My assumption is since the security will be handled by the web service, cCXF element should just allow the request to pass through, Unfortunately it does not.
Request generated on the log
2013-08-05 23:09:33,376 | INFO | TestService?wsdl | TestServicePortType | 111 - org.apache.cxf.cxf-api - 2.7.3 | Inbound Message
----------------------------
ID: 1
Address: http://localhost:8040/services/TestService?wsdl
Encoding: UTF-8
Http-Method: GET
Content-Type: text/xml
Headers: {Accept=, Cache-Control=, connection=, content-type=, Host=, Pragma=, User-Agent=}
--------------------------------------
And throws the following error on the route
WSS4JInInterceptor WARN
org.apache.ws.security.WSSecurityException: General security error (WSSecurityEngine: No password callback supplied)
at org.apache.ws.security.validate.UsernameTokenValidator.verifyDigestPassword(UsernameTokenValidator.java:155)
at org.apache.ws.security.validate.UsernameTokenValidator.verifyPlaintextPassword(UsernameTokenValidator.java:142)
at org.apache.ws.security.validate.UsernameTokenValidator.validate(UsernameTokenValidator.java:100)
at org.apache.ws.security.processor.UsernameTokenProcessor.handleUsernameToken(UsernameTokenProcessor.java:172)
at org.apache.ws.security.processor.UsernameTokenProcessor.handleToken(UsernameTokenProcessor.java:67)
at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)
at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:277)
at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor.handleMessage(PolicyBasedWSS4JInInterceptor.java:120)
at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor.handleMessage(PolicyBasedWSS4JInInterceptor.java:105)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271)
at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
at org.apache.cxf.transport.http_jetty.JettyHTTPDestination.serviceRequest(JettyHTTPDestination.java:355)
at org.apache.cxf.transport.http_jetty.JettyHTTPDestination.doService(JettyHTTPDestination.java:319)
at org.apache.cxf.transport.http_jetty.JettyHTTPHandler.handle(JettyHTTPHandler.java:72)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1074)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1010)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:255)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
at org.eclipse.jetty.server.Server.handle(Server.java:365)
at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:485)
at org.eclipse.jetty.server.AbstractHttpConnection.content(AbstractHttpConnection.java:937)
at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.content(AbstractHttpConnection.java:998)
at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:856)
at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:240)
at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:627)
at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:51)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608)
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543)
at java.lang.Thread.run(Unknown Source)
PhaseInterceptorChain WARN Interceptor for {http://www.talend.org/service/}TestService#{http://www.talend.org/service/}TestServiceOperation has thrown exception, unwinding now
org.apache.cxf.binding.soap.SoapFault: General security error (WSSecurityEngine: No password callback supplied)
at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.createSoapFault(WSS4JInInterceptor.java:786)
at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:334)
at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor.handleMessage(PolicyBasedWSS4JInInterceptor.java:120)
at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor.handleMessage(PolicyBasedWSS4JInInterceptor.java:105)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271)
at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
at org.apache.cxf.transport.http_jetty.JettyHTTPDestination.serviceRequest(JettyHTTPDestination.java:355)
at org.apache.cxf.transport.http_jetty.JettyHTTPDestination.doService(JettyHTTPDestination.java:319)
at org.apache.cxf.transport.http_jetty.JettyHTTPHandler.handle(JettyHTTPHandler.java:72)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1074)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1010)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:255)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
at org.eclipse.jetty.server.Server.handle(Server.java:365)
at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:485)
at org.eclipse.jetty.server.AbstractHttpConnection.content(AbstractHttpConnection.java:937)
at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.content(AbstractHttpConnection.java:998)
at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:856)
at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:240)
at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:627)
at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:51)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608)
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543)
at java.lang.Thread.run(Unknown Source)
Caused by: org.apache.ws.security.WSSecurityException: General security error (WSSecurityEngine: No password callback supplied)
at org.apache.ws.security.validate.UsernameTokenValidator.verifyDigestPassword(UsernameTokenValidator.java:155)
at org.apache.ws.security.validate.UsernameTokenValidator.verifyPlaintextPassword(UsernameTokenValidator.java:142)
at org.apache.ws.security.validate.UsernameTokenValidator.validate(UsernameTokenValidator.java:100)
at org.apache.ws.security.processor.UsernameTokenProcessor.handleUsernameToken(UsernameTokenProcessor.java:172)
at org.apache.ws.security.processor.UsernameTokenProcessor.handleToken(UsernameTokenProcessor.java:67)
at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)
at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:277)
... 24 more
NOTE: If the above route is deployed with Webservice with out security, it works perfectly fine.

NOTE: If you access the service directly without the CxFRoute proxy the request generated is the following and it works, and does exactly what it needs to do.
2013-08-05 22:55:33,216 | INFO | ices/TestService | TestServicePortType | 111 - org.apache.cxf.cxf-api - 2.7.3 | Inbound Message
----------------------------
ID: 17
Address: http://localhost:8040/services/TestService
Encoding: UTF-8
Http-Method: POST
Content-Type: text/xml;charset=UTF-8
Headers: {accept-encoding=, connection=, Content-Length=, content-type=, Host=, SOAPAction=, User-Agent=}
Payload: <soapenv:Envelope xmlns:ser="http://www.talend.org/service/" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing"><wsseSmiley Frustratedecurity soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><wsse:UsernameTo... wsu:Id="UsernameToken-24"><wsse:Username>karaf</wsse:Username><wsseSmiley Tongueassword Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">kar...Smiley Tongue EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">+vez...Smiley Frustrated soapenv:mustUnderstand="1">http://www.talend.org/service/TestServiceOperation</wsa:Action><wsa:MessageID soapenv:mustUnderstand="1">uuid:405fb727-0fec-45be-b7fc-8cc221375991</wsa:MessageID><wsa:To soapenv:mustUnderstand="1">http://localhost:8040/services/TestService</wsa:To></soapenv:Header>
<soapenv:Body>
<ser:TestServiceOperationRequest>
<in>test</in>
</ser:TestServiceOperationRequest>
</soapenv:Body>
</soapenv:Envelope>
Highlighted
Five Stars

Re: CxF component is throwing errors when we use WSDL file with WS Policy

Hi,
I am facing the same issue. Were you able to solve it? if Yes, how the call back was supplied to the route?

What’s New for Talend Summer ’19

Watch the recorded webinar!

Watch Now

An API-First Approach to Modernizing Applications

Learn how to use an API-First Approach to Modernize your Applications

Watch Now

Talend API Designer – Technical Overview

Take a look at this technical overview video of Talend API Designer

Watch Now

Getting Started with APIs

Find out how to get started with APIs

Read

6 Ways to Start Utilizing Machine Learning with Amazon We Services and Talend

Look at6 ways to start utilizing Machine Learning with Amazon We Services and Talend

Blog